Police Number Spoofed In Gift Card Scam Campaign

Scammers are exploiting caller ID spoofing technology to impersonate the Police Service of Northern Ireland (PSNI), displaying legitimate police phone numbers to trick victims into purchasing gift cards. The PSNI has issued a public service announcement warning residents that officers will never request payment via gift cards, iTunes vouchers, or other prepaid methods. This social engineering campaign demonstrates how attackers leverage trust in law enforcement to pressure victims into immediate financial compliance without verification.

Introduction

Northern Ireland residents are facing a sophisticated phone scam where criminals spoof the official Police Service of Northern Ireland telephone number to lend credibility to fraudulent demands. Victims receive calls appearing to originate from legitimate PSNI contact numbers, with scammers posing as police officers claiming the target owes fines, faces arrest warrants, or must resolve urgent legal matters through immediate gift card purchases.

This attack vector combines technical deception through caller ID manipulation with psychological manipulation tactics designed to create panic and urgency. By impersonating law enforcement, scammers exploit the inherent authority and trust associated with police communications, while the gift card payment method provides untraceable, irreversible transactions that benefit criminal operations.

The PSNI’s public warning underscores a growing trend where threat actors weaponize telecommunications infrastructure vulnerabilities to enhance traditional fraud schemes with technical sophistication that defeats basic verification methods most citizens rely upon.

Background & Context

Caller ID spoofing has existed for decades but has become increasingly accessible through Voice over IP (VoIP) services and online platforms that allow anyone to manipulate the number displayed on recipient phones. While legitimate uses exist—such as businesses displaying main callback numbers instead of individual extensions—criminals have weaponized this capability for fraud operations.

Gift card scams represent a preferred payment method for criminals because they offer several advantages: immediate value transfer, difficulty tracing funds, no chargeback mechanisms, and the ability to quickly liquidate cards through secondary markets. Unlike wire transfers or cryptocurrency transactions that leave digital trails, gift cards can be redeemed anonymously and converted to goods or other currencies.

Law enforcement impersonation scams specifically target victims’ fear of legal consequences and authority figures. Scammers rely on victims’ unfamiliarity with actual police procedures, creating scenarios involving arrest warrants, unpaid fines, jury duty violations, or compromised identities requiring immediate resolution. The urgency and fear tactics prevent victims from pausing to verify claims through official channels.

Northern Ireland’s relatively small population and centralized police service create an environment where a single spoofed number can appear credible across the entire jurisdiction. The PSNI operates as the unified police force for Northern Ireland, making impersonation of their contact numbers particularly effective for scammers targeting the region.

Technical Breakdown

The technical mechanism enabling this scam relies on vulnerabilities in the SS7 (Signaling System 7) protocol and modern VoIP systems that trust caller-provided identification without cryptographic verification.

Caller ID Spoofing Process:

Traditional caller ID systems transmit calling number information through the telephone network without authentication. VoIP services make this even simpler by allowing users to configure arbitrary “From” numbers in SIP (Session Initiation Protocol) headers:

INVITE sip:victim@example.com SIP/2.0
From: "Police Service NI" 
To: 

Scammers utilize several methods to execute spoofing:

VoIP Service Providers: Some providers allow customers to set custom caller IDs with minimal verification, ostensibly for legitimate business purposes. Attackers register accounts and configure the PSNI’s public numbers as their display identity.

SIP Trunk Manipulation: More sophisticated actors configure their own SIP trunks with manipulated header information, routing calls through international gateways that don’t validate originating number authenticity.

PBX Exploitation: Compromised Private Branch Exchange (PBX) systems can be configured to place calls with arbitrary caller IDs, providing attackers with infrastructure that appears legitimate to telecommunications carriers.

The Scam Execution Flow:

• Attacker configures VoIP system to display PSNI number (e.g., 0845 600 8000)
• Call placed to victim appears on phone screen with legitimate police identifier
• Social engineering script executed claiming legal emergency
• Victim instructed to purchase specific gift cards (iTunes, Google Play, Amazon)
• Victim provides card numbers/PINs to “resolve” the fabricated issue
• Funds immediately drained and laundered through resale networks

The combination of technical deception (spoofed number) and psychological manipulation (authority impersonation + urgency) creates a powerful attack that defeats single-factor verification—victims calling back the displayed number would reach actual police, but they’re pressured to act immediately without verification.

Impact & Risk Assessment

Individual Financial Risk: Victims typically lose between £200-£2,000 per incident, with vulnerable populations including elderly residents and non-native speakers particularly susceptible to authority-based social engineering tactics.

Trust Degradation: When citizens can’t trust incoming calls displaying police numbers, legitimate emergency communications become compromised. Victims of actual crimes may hesitate to respond to genuine police contact, creating public safety implications.

Law Enforcement Resource Drain: Police departments must allocate staff to field verification calls, issue public warnings, and investigate reports, diverting resources from other policing priorities.

Telecommunications Infrastructure Vulnerability: The broader issue reveals systemic weaknesses in caller identification systems that extend beyond this specific scam to potential national security concerns involving emergency services impersonation.

Psychological Impact: Beyond financial losses, victims experience embarrassment, stress, and lasting distrust of phone communications, with some elderly victims suffering significant emotional trauma from aggressive scam tactics.

Risk Severity Factors:

• Likelihood: HIGH – Low technical barriers and accessible spoofing services
• Impact: MEDIUM – Individual financial losses moderate but widespread exposure
• Detection Difficulty: HIGH – Spoofed calls appear identical to legitimate communications
• Prevention Complexity: MEDIUM – Requires public education rather than technical fixes

Vendor Response

The Police Service of Northern Ireland has issued multiple public warnings through official channels, explicitly stating that PSNI officers will never:

• Request payment via gift cards, vouchers, or cryptocurrency
• Demand immediate payment to avoid arrest
• Request financial information over unsolicited phone calls
• Threaten arrest for unpaid fines without prior written communication

The PSNI has established verification protocols encouraging residents to:

• Terminate suspicious calls immediately
• Contact police through verified official numbers found independently
• Report incidents through the Action Fraud reporting system
• Never provide financial information based on incoming calls

Telecommunications regulatory bodies in the UK, including Ofcom, have implemented partial measures requiring some VoIP providers to validate customer information, but enforcement remains inconsistent across international providers routing calls into UK networks.

Major gift card retailers have enhanced warning signage and trained cashiers to recognize potential scam victims making unusual purchases, though these measures provide limited protection once social engineering has succeeded.

Mitigations & Workarounds

Immediate Protective Actions:

• Implement Call Verification Protocol: Never act on financial requests from incoming calls, regardless of displayed number. Independently look up official contact information and call back through verified channels.
• Enable Carrier-Level Protections: Contact mobile/landline providers to activate available spam call filtering services:

# Example for mobile carriers
EE: Call Protect (free service blocking known scam numbers)
O2: Call Guardian
Vodafone: Voicemail-to-text with caller screening

– Telephone Preference Service (TPS) to reduce unsolicited calls
– Action Fraud alert system for regional scam warnings

Technical Countermeasures:

Deploy call authentication apps that leverage crowdsourced scam databases:

• Truecaller
• Hiya
• RoboKiller

Configure smartphone settings to silence unknown callers:

iOS: Settings > Phone > Silence Unknown Callers
Android: Phone app > Settings > Blocked numbers > Unknown callers

Organizational Recommendations:

Financial institutions and retailers selling gift cards should implement transaction monitoring for patterns indicating fraud victimization—multiple high-value gift card purchases by elderly customers warrant intervention.

Detection & Monitoring

Individual Detection Indicators:

Recognize scam characteristics during calls:

• Urgency language: “Immediate action required” or “Arrest warrant will be issued today”
• Payment method requests: Any mention of gift cards, iTunes vouchers, cryptocurrency
• Caller pressure tactics: Discouraging callback verification or consultation with family
• Unusual details: Police providing bank account numbers or gift card redemption instructions
• Inconsistencies: Generic greetings instead of specific case numbers or officer identification

Community-Level Monitoring:

Local communities should establish reporting mechanisms:

• Neighborhood watch groups sharing scam alert information
• Community centers providing awareness sessions for vulnerable populations
• Financial institutions monitoring unusual gift card purchase patterns

Telecommunications Monitoring:

Service providers should implement anomaly detection for:

• High-volume calls originating from single sources with varied caller IDs
• International VoIP traffic spoofing domestic emergency services numbers
• Patterns matching known scam operation signatures

Best Practices

For Individuals:

• Verify Before Acting: Legitimate law enforcement provides written notices for fines and legal matters with case numbers verifiable through official channels.
• Understand Payment Norms: No government agency or law enforcement requests payment via gift cards. Acceptable methods include court payments, official fine payment systems with receipts, or documented bank transfers.
• Practice Call Hygiene:

– Don’t answer calls from unknown numbers
– Let suspicious calls go to voicemail
– Never provide personal information to unsolicited callers
– Use callback verification for any requests involving money or sensitive data

• Educate Vulnerable Contacts: Regularly discuss scam tactics with elderly relatives and non-native speakers who may be disproportionately targeted.

For Organizations:

• Retail Point-of-Sale Interventions: Train cashiers to question large gift card purchases and display warning signage specifically mentioning law enforcement impersonation scams.
• Financial Institution Monitoring: Banks should flag unusual withdrawal patterns potentially funding gift card purchases.
• Community Outreach: Police departments should conduct regular public education campaigns through diverse channels reaching vulnerable populations.

For Telecommunications Providers:

• Implement STIR/SHAKEN protocols (Secure Telephone Identity Revisited/Signature-based Handling of Asserted Information Using toKENs) for call authentication
• Monitor and suspend accounts engaging in caller ID manipulation for fraudulent purposes
• Provide accessible reporting mechanisms for customers receiving spoofed calls

Key Takeaways

• Caller ID spoofing technology enables scammers to display legitimate police phone numbers, defeating basic verification methods
• The PSNI and law enforcement agencies worldwide never request payment via gift cards, vouchers, or cryptocurrency
• Victims should terminate suspicious calls immediately and contact police through independently verified official channels
• Telecommunications infrastructure vulnerabilities require systemic solutions beyond individual protective measures
• Public education remains the most effective near-term defense against social engineering attacks leveraging technical deception
• The combination of authority impersonation and urgency tactics exploits psychological vulnerabilities more than technical knowledge gaps
• Community-level awareness and retail intervention points provide additional protection layers for vulnerable populations

References

• Police Service of Northern Ireland Official Statements – https://www.psni.police.uk/
• Action Fraud UK – National Fraud Reporting Centre – https://www.actionfraud.police.uk/
• Ofcom – UK Telecommunications Regulatory Authority – https://www.ofcom.org.uk/
• Federal Communications Commission – Caller ID Spoofing Documentation
• STIR/SHAKEN Call Authentication Framework – IETF RFC 8224
• UK Finance – Gift Card Fraud Statistics and Prevention Guidelines

Stay updated at https://cydhaal.com — Your Daily Dose of Cyber Intelligence.
📧 Subscribe to our newsletter at https://cydhaal.com/newsletter/